Am 27.10.2010 21:04, schrieb Andrew Lewman: > On Wed, 27 Oct 2010 19:19:02 +0100 > Matthew <[email protected]> wrote: > >> There is a "Hints and Tips for Whistleblowers Guide" available at >> http://ht4w.co.uk/. > > The first problem is the content is actually served up by > hostingprod.com and not ht4w.co.uk. > > As far as the content in question, it is dangerously wrong.
Like the rest of the page in question (https://p10.secure.hostingprod.com/@spyblog.org.uk/ssl/ht4w/2009/12/open-proxy-servers.html) "Tor exit nodes do not always allow SSL/TLS encrypted sessions either, but since these are vital for e-commerce, many do, even behind otherwise restrictive firewalls and censorware. The Tor system will, after a short delay, find a reasonably randomly chosen exit node, which does accept SSL/TLS connection, statistically, this will usually be located outside of the United Kingdom. " Uhm? I think every legit exit node allows https. "Remember that using any SSL/TLS https:// encrypted proxy server session, or the mostly encrypted Tor proxy cloud, may protect the contents of your traffic from local snoopers, but if you have to login or otherwise authenticate to a web server or email system etc., then those details (including your real IP address) will still probably be logged by the target server, regardless of the link or session encryption, and so your whistleblower details may still be exposed, if that server is physically seized as evidence by the police or is sneakily compromised by intelligence agencies etc., either through technical hacking or bugging or by putting pressure on the systems administrators." Uhm - well I think it is true that the page I'm logging in to knows my user credentials, but I don't get the point why they should need to snoop them from my traffic, as its probably in their database. Conclusion: I wouldn't trust any of the contents of this page ;) regards, Jan *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
